ACSC Essential Eight

The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security. The ACSC recommends that all Australian organizations implement the Essential Eight mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, is a set of foundational cyber security measures that make it much harder for adversaries to compromise systems.

The Essential Eight Maturity Levels allow organizations to assess the appropriateness of their cyber security measures against common threats in today’s interconnected ICT landscape.

Audience

The Essential Eight (maturity level 2) is a mandatory requirement for all Australian non-corporate Commonwealth entities subject to the PGPA Act (as per PSPF Policy 10). See the PGPA legislation, associated instruments and policies for further Australian Government advice.

This article is intended for security advisers, security assessors, system architects and decision makers who wish to assess an organization’s maturity level and implement the necessary controls to achieve the required maturity level.

These documents represent Consumer Guidance for the purposes of the cloud security assessment process. This material should also be considered and referenced within Microsoft’s relevant IRAP Assessment Reports (for example, Azure IRAP Assessment) and ACSC advice.

If you require more information on Essential Eight, contact Essential-8@Microsoft.com.

What are the Essential Eight pillars?

See the following articles to learn about each pillar and how you can implement the controls to achieve a maturity level.

Moving from Essential Eight implementation to monitoring and continuous compliance

Essential Eight assessment and remediation using these documents is a point-in-time activity to achieve the desired maturity level.

However, to maintain security policies and compliance baselines, Microsoft recommends using these guides together with Microsoft Purview Compliance Manager, with the objective of staying continually compliant by preventing compliance drift.

Purview Compliance Manager premium templates for the Essential Eight are available at all three levels to automate and assist with monitoring, continuous assessment, and configuration drift and configuration management.

Additionally, there are premium templates for IRAP compliance at Official and Protected for Australian organizations requiring this level of assurance.